Lucene search
HistoryApr 08, 2015 - 10:59 a.m.
CVE-2015-0798
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
AI Score
7.2
Confidence
Low
EPSS
0.003
Percentile
69.6%
The Reader mode feature in Mozilla Firefox before 37.0.1 on Android, and Desktop Firefox pre-release, does not properly handle privileged URLs, which makes it easier for remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging the ability to bypass the Same Origin Policy.
Affected configurations
Node
oraclesolarisMatch11.3
Node
mozillafirefoxRange≤37.0
googleandroid
Related
prion
prion
Design/Logic Flaw
2015-04-08 10:59:00
mozilla
mozilla
Loading privileged content through Reader mode — Mozilla
2015-04-03 00:00:00
cve
cve
CVE-2015-0798
2015-04-08 10:59:00
cvelist
cvelist
CVE-2015-0798
2015-04-08 10:00:00
freebsd
freebsd
mozilla -- multiple vulnerabilities
2015-04-03 00:00:00
nessus
nessus
kaspersky
kaspersky
KLA10531 Security bypass vulnerabilities in Mozilla Firefox
2015-04-06 00:00:00
symantec
symantec
SA117 : OpenSSL Vulnerabilities 1-Mar-2016
2016-03-07 08:00:00
securityvulns
securityvulns
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
2015-04-08 00:00:00
openvas
openvas
Gentoo Security Advisory GLSA 201512-10
2015-12-31 00:00:00
gentoo
gentoo
Mozilla Products: Multiple vulnerabilities
2015-12-30 00:00:00
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
AI Score
7.2
Confidence
Low
EPSS
0.003
Percentile
69.6%
Related for NVD:CVE-2015-0798